Host your own services NOW

2023-06-24

I talk a lot about freedom, privacy and free software on this blog, but today I want to talk about hosting your own services. But why should you host your own services? Isn't that really scary and difficult? Doesn't it require very powerful hardware? No, not really, and I'm going to talk about some of the benefits here.

Alright so let's talk a bit about why you should host your own stuff and what you can host. There are many different services you can host. I'm hosting my website, some files, a Git server, wiki, email server and might host more in the future. But there are many cool things you can host, such as a Matrix homeserver, IRC network, SearX instance, PeerTube, NextCloud, it goes on and on. I won't be talking much about the specific services you can host today. But why should you host all of this stuff? Why not just use Gmail, or a public SearX instance, or GitHub, or any of these public services?

It's because a sysadmin has a lot of power over their users and their services, and my site and services are no exception. As the sysadmin, you have power over everyone who uses your site and services: the ability to delete their accounts, look at what they're doing, and all sorts of other things that they, as users, have no control over. When you host your own services though, the only one who is going to be able to see what you upload to your server is you (and your VPS provider if you're hosting using a VPS). Maybe other people can see it if they manage to compromise your server or you let your web server serve content that you don't want public. But in general, you're the only one who is going to be able to see that.

Let's take a public SearX instance for example. Let's say you visit searx.speedie.site and use it as your primary engine. Now, this search engine does not exist because I host my SearX instance locally, but anyways, if you visit my SearX instance and use it to search for things, I have the power to log the search queries you search for, and I have the ability to see all the anime pornography you search for with great shame. Do you really trust me to not look at your search queries? No? So why should you trust any other SearX instance or hell, even Google for that matter? For this reason, you should take matters into your own hands and host your own services that you have control over. That way, you have the power to customize anything and everything about the service you're hosting, shut it down at any time to perform maintenance, set up logging, shred all logs and log absolutely nothing, etc.

But doesn't hosting your own services require spending a lot of money? Doesn't it require a very powerful computer? No. If you want to host many massive files on a VPS or server that you rent, you may not have that much disk space. But even if that's the case you can host from home on a cheap old Dell Optiplex or maybe even a Raspberry Pi and just connect storage to it. I'm hosting a Git server using Gitea, and all the repositories Gitea handles combined only take up approximately 870MB. And my public folder where I host downloads to all my software only takes up about 30MB. That really isn't much, and you can host that and much, much more on a cheap VPS. And the spmenu wiki I host takes up 31MB. So unless you want to host many massive files, I think making the argument that you don't have space is ridiculous. Any desktop computer from, say, 2008 or later is going to be able to handle hosting your site, and the terrible hard drive it has is going to be able to hold all of your files as well.

You can get a cheap VPS from Vultr for $3.50, and you can get a domain for usually very cheap as well. I went with Namecheap for my domain name, and they seem quite reliable and not very expensive. If you want to get a VPS from Vultr, feel free to use my referral link. There are other VPS companies though, and I still recommend hosting from home if you are able to and your ISP reliably allows you to, because it's likely still going to be a bit cheaper, but more importantly it means your VPS provider is not able to look at the contents of the virtual hard disk, and you are able to use more disk space. You have a lot more freedom that way. Still, a VPS is not a bad choice if you just want to host a few services and your personal site, but it's probably not the best option if you want to host NextCloud or a lot of big files or use it as a media server or anything like that. It also makes a lot more sense if you want to, for instance, set up a VPN. Doing that on your own network doesn't make much sense unless you use the VPN away from home.

I won't get into hosting from home as that isn't something I'm familiar with (although I might try it at some point), and I also won't get into more complex setups or containers, just the basics. While I'm not a particularly big fan of Debian-based GNU/Linux distributions, simply because of their old packages and the apt-get package manager, Debian is a fairly good choice if you want things to just work and serve your content all day every day. Despite not really liking Debian very much, it's what this website is hosted on, along with my other services I have.

When I'm using a VPS, I usually start by adding a new user and giving him a password. Then I usually install doas because it's smaller and has had fewer vulnerabilities than the more bloated sudo that people use. Then I will copy over my SSH keys to that user's .ssh directory. Finally, I always disable authentication using passwords for SSH, and more importantly I disable SSH as the root user. I do this because the root user is present on almost every machine, meaning if you want to gain access to someone's server by brute-forcing, a safe bet is to try to gain access using the root account. Then for extra security I will disable the actual root user, so the only way to gain superuser is to use doas.

Now you may have to open ports to be able to host anything on it. If you want to host websites you will have to open TCP port 80 for HTTP and 443 for HTTPS. On Vultr VPSes this is done using the ufw command, which is the firewall the VPS comes with. It should be noted, though, that if you want to host an email server you will need to open port 25, used for SMTP. This should be done with the ufw command as well, but you also need to file a ticket on Vultr's website giving a valid reason for wanting the port to be opened. Usually they will accept your request, though.
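The two SSH settings described above are easy to believe you have set when you have not, because sshd keeps the first value it reads for each keyword. The following check is an added example, not part of the original post: the function names and both sample configs are constructed, it reads only the global section (it stops at the first Match block) and it does not follow Include lines.

```shell
#!/bin/sh
# Added example: audit the global section of an sshd_config for the two SSH
# settings discussed above. sshd keeps the FIRST value it reads for a keyword,
# so a later "no" does not override an earlier "yes".

# effective_value FILE KEYWORD DEFAULT -> prints the value sshd would use
effective_value() {
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key) }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (line == "" || line ~ /^#/) next     # blank line or comment
            split(line, f, /[ \t=]+/)               # "Key value" or "Key=value"
            k = tolower(f[1])                       # keywords are case-insensitive
            if (k == "match") exit                  # simplification: global section only
            if (k == key) { print tolower(f[2]); found = 1; exit }
        }
        END { if (!found) print def }               # keyword absent: OpenSSH default
    ' "$1"
}

# audit_sshd FILE -> one line per weak setting; exit status 1 if any is weak
audit_sshd() {
    rc=0
    pw=$(effective_value "$1" PasswordAuthentication yes)
    root=$(effective_value "$1" PermitRootLogin prohibit-password)
    [ "$pw" = "no" ] || { echo "WEAK PasswordAuthentication=$pw"; rc=1; }
    [ "$root" = "no" ] || { echo "WEAK PermitRootLogin=$root"; rc=1; }
    return $rc
}

# Constructed sample configs (not taken from any real server).
SAMPLES=$(mktemp -d)
cat > "$SAMPLES/appended.conf" <<'EOF'
# provider image default, left in place
PasswordAuthentication yes
PermitRootLogin no
# hardening line appended at the end: ignored, the first value wins
passwordauthentication no
EOF
cat > "$SAMPLES/hardened.conf" <<'EOF'
PasswordAuthentication no
PermitRootLogin no
EOF

audit_sshd "$SAMPLES/appended.conf"
audit_sshd "$SAMPLES/hardened.conf" && echo "hardened.conf: OK"
```

On a live server, `sshd -T` run as root prints the effective configuration, including anything pulled in through Include files.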

Now that you've opened the ports you need, you can start hosting the services you wish to host. I would probably install Apache and php-fpm for PHP to get my website set up now. A VPS is going to function exactly like any GNU/Linux computer you're used to, although it will not have a graphical environment. Therefore you should expect to get familiar with Vim; it is your best friend. Anyways, you should host your own services instead of using public services, because it's more private, more secure, and you have much more control than with a public service that many people are going to use.